import Card from "@site/src/components/card";

# Privacy Policy

<Card
  label="privacy-policy.pdf"
  href="https://touca.io/docs/external/assets/touca-doc-privacy-policy.pdf"
>
  PDF
</Card>

This privacy policy sets out how Touca, Inc. collects, processes and uses your
Personal Information through your use of our Services.

## Definitions

**Anonymized Data** means anonymous information collected by us through your use
of this Website or our Services for statistical and/or demographic purposes.
Anonymized Data may be derived from Personal Information.

**Data Processor** means each of the following: Mixpanel.

**DPO** means Data Protection Officer, and is the person specifically appointed
by us to deal with your enquiries with respect to this privacy policy and your
Personal Information.

**Personal Information** means any identifying information about you. This
includes, but is not limited to, the following: email address; name;
username/passwords; debit and credit card number; and cookies and usage data.

**Services** means all services provided by Touca, Inc. to you, including \(but
not limited to\) this Website and the following: Delivery of product and
service; Marketing and communications; and User management.

**Website** means [https://touca.io](https://touca.io) and its subdomains.

## Personal Information Collection

We only collect and use Personal Information to the extent necessary to provide
you with the Services. We collect Personal Information for the Website to
provide you with a better online experience.

We also provide the following services:

**Delivery of product and service**: To deliver the Services, fulfill and manage
customer orders and provide customer support.

**Marketing and communications**: To send marketing and promotional materials
and other information that may be of interest to you. User management To allow
users to create and manage their accounts so they can use the Services.

**Personal Information Retention**: We keep Personal Information for the
shortest time necessary to provide you with Services and to meet all our legal
and compliance obligations. To determine this retention period, we take into
account \(i\) the nature of the Personal Information gathered; and \(ii\) the
nature of our legal and compliance obligations. All Personal Information no
longer required by us is destroyed and/or erased.

## Anonymized Data

We may use, collect and share Anonymized Data for any purpose at our discretion.
Anonymized Data cannot be used to reveal your identity \(either directly or
indirectly\). We may retain all Anonymized Data indefinitely.

Anonymized Data includes:

- **Device data**: This includes information about the device used to interact
  with our Services.
- **Location data**: This includes geolocation data \(based on your IP
  address\).
- **Log and usage data**: This includes usage and performance information with
  respect to our Services.

## Personal Data from Third Parties

We may, from time to time, obtain Personal Information from third parties to
enable us to better tailor our Services to you \(**Third Party Personal
Information**\). When we obtain Third Party Personal Information, we will notify
you within one month.

If we use or share Third Party Personal Information, we will notify you
immediately.

## Your Rights

With respect to Personal Information we hold, you have the following rights:

- **Access**: You may request from us access to your data that we hold on you.
- **Rectification**: If the data we hold on you is inaccurate, you may request
  that we correct it. If the data we hold is incomplete, you may request that we
  complete it.
- **Erasure**: Subject to certain conditions, you may request that we erase all
  of the data we hold on you.
- **Restrictions**: Subject to certain conditions, you may request that we
  restrict the processing of data we hold on you.
- **Portability**: Subject to certain conditions, you may request that we
  transfer all the data we hold on you to a third party \(including yourself\).
- **Objections**: Subject to certain conditions, you may object to us processing
  the data we hold on you.

## Data Processors

We engage Data Processors to assist us in providing you with Services. Data
Processors are contractually obligated to us, and must:

- comply with, and act only on, our instructions with respect to the data that
  they process on our behalf \(we, of course, give our instructions in
  accordance with this privacy policy\);
- notify us if they believe we are acting in breach of the GDPR \(where
  applicable\);
- first obtain our consent prior to sub-contracting data processing services;
- comply with their obligations under the GDPR (where applicable).

## Your Account

If you choose to create an online account with us, you have the right to:

- Update or delete your account at any time; and
- Opt-out of receiving emails and other communications from us.

## Social Media

You may choose to engage with our Services through a variety of social media
sites and platforms, for example Facebook, Instagram and Twitter. When you
interact with our Services through these social media platforms, you may allow
us to receive Personal Information and other Anonymized Data on how you are
interacting with our Services. This will depend on your privacy settings on each
social media site and platform.

The data we are provided by you through your interaction with our Services on
social media sites and platforms will be used by us subject to the terms of this
privacy policy. Depending on your social media site’s privacy settings, your
Personal Information may become public to a community of users if you choose to
engage with our Services through these platforms.

For further information on how you can customize your privacy settings on social
media sites and how those sites handle your privacy, please refer to the privacy
policy of each particular social media site.

## Minors

We do not knowingly collect information on children under the age of 16
\("Child"\). If you become aware that a Child has provided us with Personal
Information, please contact us. If we become aware that we have collected
Personal Information from a Child without their parent's verifiable
authorization to access our Services, we will take steps to remove that
information from our servers.

## Third Party Links

Our website contains links to other third-party websites not owned or managed by
Touca. This privacy policy applies to this website only. If you click a link to
a third-party website, the privacy policy of that website will apply. We highly
recommend that you read the privacy policies of other websites as they may be
different from ours.

## Payment Vendors

You can make payments via our website. Our vendors are listed below:

- **Stripe**: Their privacy policy can be viewed at
  [https://stripe.com/privacy](https://stripe.com/privacy).

## Merger, acquisition or asset sale

If we or our subsidiaries are involved in a merger, acquisition, or asset sale,
your Personal Information may be transferred.

## Updates

We are constantly reviewing our privacy policy and procedures to ensure that
they meet best practices. This policy was last updated on March 9, 2022.

## Contact us

If you have any questions or suggestions about our privacy policy or want to
know more information about Personal Information we hold, please contact us at
hello@touca.io or write to us at 548 Market St PMB 93767 San Francisco,
CA 94104.

## Complaints

If you believe that we have breached our obligations to you under this privacy
policy or relevant privacy laws, please contact us at legal@touca.io or write to
us at 548 Market St PMB 93767 San Francisco, CA 94104.

If you are not satisfied with our response, you have the right to lodge a
complaint at any time to your relevant authority.
